SSLv3 POODLE

tl;dr – For security reasons, we’ve completely disabled SSLv3 access to both the Sendwithus API and Web app. Affected customers will need to take action to ensure they’re not attempting SSLv3 connections with our API.

Google recently uncovered a flaw in SSL 3.0, nicknamed “POODLE“, that exposes a major security vulnerability to all HTTP connections using SSL 3.0. This may include older servers and web browsers.

In response to this announcement, our hosting provider has disabled all SSL 3.0 connectivity to both our API and Web app, effective Midnight, Oct 17 2014. Most major hosting and service providers are doing the same.

This means any attempted SSL 3.0 connection to the Sendwithus API or Web app will result in connection failure. In most cases, customers will remain unaffected. However in some rare cases Sendwithus customers may need to update their OpenSSL on their production servers in order to regain API connectivity.

More information on updating OpenSSL can be found here: https://alas.aws.amazon.com/ALAS-2014-426.html

We’re working directly with all known affected customers.

If you’re experiencing API problems as a result of this recent security change, do not hesitate to reach out and we will assist as best we can.

Share this post
Tweet about this on TwitterShare on Facebook

Leave a Reply

Your email address will not be published. Required fields are marked *